diff --git a/Shorewall/manpages/shorewall-actions.xml b/Shorewall/manpages/shorewall-actions.xml
index 56bbbdfa1..f6313aa28 100644
--- a/Shorewall/manpages/shorewall-actions.xml
+++ b/Shorewall/manpages/shorewall-actions.xml
@@ -59,6 +59,20 @@
supported by Shorewall. The action may be used as the rule
target in an INLINE rule in shorewall-rules(5).
+
+ Beginning with Shorewall 4.6.0, the Netfilter table(s)
+ in which the builtin can be
+ used may be specified: filter, nat, mangle and raw. If no table name(s) are given,
+ then filter is assumed. The
+ table names follow builtin
+ and are separated by commas; for example,
+ "FOOBAR,filter,mangle" would specify FOOBAR as a builtin
+ target that can be used in the filter and mangle
+ tables.
diff --git a/Shorewall/manpages/shorewall-conntrack.xml b/Shorewall/manpages/shorewall-conntrack.xml
index c8e3c6c09..4c5aa6d8c 100644
--- a/Shorewall/manpages/shorewall-conntrack.xml
+++ b/Shorewall/manpages/shorewall-conntrack.xml
@@ -88,7 +88,7 @@
role="bold">NOTRACK|CT:helper:name[(arg=val[,...])|CT:notrack|DROP|LOG|ULOG(ulog-parameters):NFLOG(nflog-parameters)}[log-level[:log-tag]][:chain-designator]
+ role="bold">CT:notrack|DROP|LOG|ULOG(ulog-parameters):NFLOG(nflog-parameters)|IPTABLES(target)}[log-level[:log-tag]][:chain-designator]
This column is only present when FORMAT >= 2. Values other
@@ -250,6 +250,25 @@
will also be logged at that level.
+
+ (target)
+
+ Added in Shorewall 4.6.0. Allows you to specify any
+ iptables target with target options
+ (e.g., "IPTABLES(AUDIT --type drop)"). If the target is not one
+ recognized by Shorewall, the following error message will be
+ issued:
+
+
+ ERROR: Unknown target
+ (target)
+
+
+ This error message may be eliminated by adding
+ target as a builtin action in shorewall-actions(5).
+
+
diff --git a/Shorewall/manpages/shorewall-mangle.xml b/Shorewall/manpages/shorewall-mangle.xml
index ba219f85f..3463f5017 100644
--- a/Shorewall/manpages/shorewall-mangle.xml
+++ b/Shorewall/manpages/shorewall-mangle.xml
@@ -443,7 +443,7 @@ INLINE eth0 - ; -p tcp -j MARK --set-mark
This error message may be eliminated by adding the
target as a builtin action in
shorewall-actions(5).
+ url="shorewall-actions.html">shorewall-actions(5).
diff --git a/Shorewall/manpages/shorewall-rules.xml b/Shorewall/manpages/shorewall-rules.xml
index 071dd51bb..88b4df638 100644
--- a/Shorewall/manpages/shorewall-rules.xml
+++ b/Shorewall/manpages/shorewall-rules.xml
@@ -472,6 +472,28 @@
+
+ IPTABLES({target
+ [option ...])
+
+
+ This action allows you to specify an iptables target
+ with options (e.g., 'IPTABLES(MARK --set-xmark 0x01/0xff)'. If
+ the target is not one recognized by Shorewall, the following
+ error message will be issued:
+
+
+ ERROR: Unknown target
+ (target)
+
+
+ This error message may be eliminated by adding the
+ target as a builtin action in
+ shorewall-actions(5).
+
+
+
LOG:level
@@ -863,6 +885,14 @@
+
+
+
+
+
+
+
+
DEST -
{zone|zone-list[+]|{shorewall6-rules(5).
+
+ Beginning with Shorewall 4.6.0, the Netfilter table(s)
+ in which the builtin can be
+ used may be specified: filter, nat, mangle and raw. If no table name(s) are given,
+ then filter is assumed. The
+ table names follow builtin and are separated by commas; for
+ example, "FOOBAR,filter,mangle" would specify FOOBAR as a
+ builtin target that can be used in the filter and mangle
+ tables.
diff --git a/Shorewall6/manpages/shorewall6-conntrack.xml b/Shorewall6/manpages/shorewall6-conntrack.xml
index a2b71296c..12184f741 100644
--- a/Shorewall6/manpages/shorewall6-conntrack.xml
+++ b/Shorewall6/manpages/shorewall6-conntrack.xml
@@ -88,7 +88,7 @@
role="bold">NOTRACK|CT:helper:name[(arg=val[,...])|CT:notrack|DROP|LOG|NFLOG(nflog-parameters)}[:log-level[:log-tag]][:chain-designator]
+ role="bold">CT:notrack|DROP|LOG|NFLOG(nflog-parameters)|IP6TABLES(target)}[:log-level[:log-tag]][:chain-designator]
This column is only present when FORMAT >= 2. Values other
@@ -250,6 +250,25 @@
will also be logged at that level.
+
+ (target)
+
+ Added in Shorewall 4.6.0. Allows you to specify any
+ iptables target with target options
+ (e.g., "IP6TABLES(AUDIT --type drop)"). If the target is not one
+ recognized by Shorewall, the following error message will be
+ issued:
+
+
+ ERROR: Unknown target
+ (target)
+
+
+ This error message may be eliminated by adding
+ target as a builtin action in shorewall6-actions(5).
+
+
diff --git a/Shorewall6/manpages/shorewall6-mangle.xml b/Shorewall6/manpages/shorewall6-mangle.xml
index cb75b9b1c..efb47d1ba 100644
--- a/Shorewall6/manpages/shorewall6-mangle.xml
+++ b/Shorewall6/manpages/shorewall6-mangle.xml
@@ -445,7 +445,7 @@ INLINE eth0 - ; -p tcp -j MARK --set-mark
This error message may be eliminated by adding the
target as a builtin action in
shorewall6-actions(5).
+ url="shorewall6-actions.html">shorewall6-actions(5).